Netgate Discussion Forum
    Squidguard, 2 ACL with different Times, not working ???

    • Jesperdb

      Hello.

      I'm running a pfSense firewall with Squid and SquidGuard installed, with 2 configured ACLs for the same network (172.16.0.0/16).
      The first one blocks porn/gambling etc. in work hours 07.30-15.30.
      With the second one I want to block Facebook all working hours except 07.30-08.00 and 11.30-12.00. I got the time schedules right, but only one of the ACLs is active at a time :/

      If I set the Facebook one first, it blocks just fine, but opens for everything else, and if I switch them it opens for Facebook but blocks other content.

      Any suggestions?  ???

      • dvserg

        There must be one ACL per network.
        Use the second RuleSet to manage access out of hours.

        SquidGuardDoc EN  RU Tutorial
        Localization ru_PFSense

        • agismaniax

          I have the same problem too. Here is my squidguard.conf:

          
          /usr/local/etc/squidGuard/squidGuard.conf
          # ============================================================
          # SquidGuard configuration file
          # This file generated automaticly with SquidGuard configurator
          # (C)2006 Serg Dvoriancev
          # email: dv_serg@mail.ru
          # ============================================================
          
          logdir /var/squidGuard/log
          dbhome /var/db/squidGuard
          
          #
          time time_FB_TW_DENY {
          weekly * 08:31-11:29
          weekly * 13:31-16:59
          }
          
          #
          time time_FB_TW_ALLOW {
          weekly sat 00:00-23:59
          weekly sun 00:00-23:59
          weekly * 00:00-08:30
          weekly * 11:30-13:30
          weekly * 17:00-23:59
          }
          
          #
          src acl_FB_TW_DENY {
          ip 172.16.0.0/16
          log block.log
          }
          
          #
          src acl_FB_TW_ALLOW {
          ip 172.16.0.0/16
          log block.log
          }
          
          #
          dest bl_FB_TW {
          domainlist bl_FB_TW/domains
          log block.log
          }
          
          #
          rew safesearch {
          s@(google\..*/search?.*q=.*)@\1\&safe=active@i
          s@(google\..*/images.*q=.*)@\1\&safe=active@i
          s@(google\..*/groups.*q=.*)@\1\&safe=active@i
          s@(google\..*/news.*q=.*)@\1\&safe=active@i
          s@(yandex\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i
          s@(search\.yahoo\..*/search.*p=.*)@\1\&vm=r@i
          s@(search\.live\..*/.*q=.*)@\1\&adlt=strict@i
          s@(search\.msn\..*/.*q=.*)@\1\&adlt=strict@i
          log block.log
          }
          
          #
          acl {
          #
          acl_FB_TW_DENY within time_FB_TW_DENY {
          pass all
          redirect http://172.16.4.254:8080/sgerror.php?url=403%20Tidak%20boleh%20akses%20Facebook%20atau%20Twitter%20disaat%20jam%20kerja%20%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
          log block.log
          } else {
          pass !bl_FB_TW all
          redirect http://172.16.4.254:8080/sgerror.php?url=403%20Tidak%20boleh%20akses%20Facebook%20atau%20Twitter%20disaat%20jam%20kerja%20%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
          log block.log
          }
          #
          acl_FB_TW_ALLOW within time_FB_TW_ALLOW {
          pass all
          log block.log
          } else {
          pass bl_FB_TW all
          redirect http://172.16.4.254:8080/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
          log block.log
          }
          #
          default {
          pass none
          redirect http://172.16.4.254:8080/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
          log block.log
          }
          }
          
          

          Only the acl_FB_TW_DENY is working.

          • dvserg

            http://diskatel.narod.ru/sgquick.htm

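The single-ACL layout described in the replies, applied to the time window and destination list from the posted squidGuard.conf. This is an added example, not part of any post in the thread and not output of the pfSense package. squidGuard assigns a client to the first `src` group that matches its address, so a second `src` over the same 172.16.0.0/16 range is never consulted; the source name `lan_users` is an assumption, as is enforcing the blocklist inside the time window.

```conf
logdir /var/squidGuard/log
dbhome /var/db/squidGuard

# Hours during which Facebook/Twitter are blocked (taken from the posted config)
time time_FB_TW_DENY {
    weekly * 08:31-11:29
    weekly * 13:31-16:59
}

# Exactly one source group for the network. A client is assigned to the
# first src group that matches, so a duplicate group is never reached.
# "lan_users" is a hypothetical name.
src lan_users {
    ip 172.16.0.0/16
    log block.log
}

dest bl_FB_TW {
    domainlist bl_FB_TW/domains
    log block.log
}

acl {
    # First rule set: applies inside the time window.
    lan_users within time_FB_TW_DENY {
        pass !bl_FB_TW all
        redirect http://172.16.4.254:8080/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        log block.log
    } else {
        # Second rule set: applies at every other time and replaces the
        # separate "allow" source group and its time block.
        pass all
        log block.log
    }
    # Clients outside 172.16.0.0/16 match no source group and land here.
    default {
        pass none
        redirect http://172.16.4.254:8080/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        log block.log
    }
}
```

A `within ... else` pair gives two states per source group, so a policy that needs a third state (for example, a different rule set after hours) has to fold one of its states into the `else` block.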
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.